UPnP helps you quickly connect devices to your network with no manual configuration. However, it can also let hackers into your network and put your devices at risk. In this article, we explain the benefits and risks of UPnP, and how you can protect yourself.
Contents
UPnP (Universal Plug and Play) is a network protocol that allows apps and devices to open and close ports automatically in order to connect with each other. UPnP requires zero configuration — you can add a new device to your network and have it automatically connect with your other devices.
UPnP is a way to make port forwarding automated and easier than a manual process. For example, if you want to connect a printer to everyone in your household without UPnP, you would need to connect the printer to every single device. UPnP automates this.
Zero-configuration means that none of the devices on your network need manual configuration to discover a new device. UPnP-enabled devices can automatically join a network, obtain an IP address, and find and connect to other devices on your network, making it very convenient.
Check out our video on UPnP below.
UPnP can be used in several ways to achieve a better online experience.
UPnP uses four common networking standards (TCP/IP, HTTP, XML, and SOAP) to automatically open and shut ports. UPnP uses a client-server model, in which control points, or clients, search for UPnP servers, or devices. The UPnP process consists of six main steps.
Originally, UPnP was only supposed to work on the LAN level, meaning that only devices on your network could connect to each other. However, many router manufacturers now enable UPnP by default, making them discoverable from the WAN, which leads to many security issues.
UPnP doesn’t use authentication or authorization for most devices, assuming that devices trying to connect to it are trustworthy and come from your local network. This means that hackers can find backdoors to your network. For example, they can discover your router on the wider net and then pretend to be an Xbox. They will send a UPnP request to your router and the router will open the port – no questions asked.
Once the hacker gets a presence on the network, they can:
You should disable UPnP to protect your security. Having UPnP enabled makes your network and the devices connected to it less safe, and could leave the door open to hackers.
As discussed in the previous section, leaving UPnP on opens you up to online threats. UPnP can offer convenience, but it’s not worth the risk. If you still want to open ports on your router, you can do so manually on a case-by-case basis, instead of relying on UPnP as a long-term solution.
One reason you might want to take the risk of UPnP is for gaming. UPnP certainly makes the gaming experience easier. Instead of you having to manually identify your port number for each device or online game, UPnP does it for you. Again, however, putting your network at risk from cyberattacks is never a good idea, regardless of how convenient something is.
If you turn off UPnP altogether, your router will ignore all incoming requests so you’ll have to set up devices manually. This means that the router will no longer automatically open ports on your LAN, ignoring even legitimate requests.
This doesn’t mean you won’t be able to connect to devices on your network or online games. But it will be more of a hassle. You’ll have to manually set up the port forwarding rules for each specific connection, which will require more time, effort, and technical knowledge. However, there are online tutorials to guide you through specific port forwarding.
Follow these steps to enable and then disable UPnP on your router. Please note that this will be a slightly different process depending on the model of router used.
When it comes to UPnP router vulnerabilities, there are two options you can choose to protect yourself.
First, you can enable UPnP-UP (Universal Plug and Play – User Profile), which provides authentication and authorization mechanisms for UPnP devices and applications. However, this is not a foolproof method as many devices don’t fully support it and might still assume that other devices connecting to your router are trustworthy.
The other more secure method is to disable UPnP completely. Before you do, it’s recommended to check whether your router is vulnerable to UPnP exploits. You should also consider whether you want to give up the convenience of UPnP and whether you will be able to set up your devices manually. Doing so may require some technical know-how.
Want to read more like this?
Get the latest news and tips from NordVPN.